GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
118 advisories
Filter by severity
In Mastodon 4.1.6, API endpoint rate limiting can be bypassed by setting a crafted HTTP request...
Moderate
Unreviewed
CVE-2024-34535
was published
Oct 3, 2024
Vulnerability in the Oracle Production Scheduling product of Oracle E-Business Suite (component:...
High
Unreviewed
CVE-2024-21088
was published
Apr 17, 2024
HTTP Response splitting in multiple modules in Apache HTTP Server allows an attacker that can...
Moderate
Unreviewed
CVE-2024-24795
was published
Apr 4, 2024
A deep link validation issue in KakaoTalk 10.4.3 allowed a remote adversary to direct users to...
Moderate
Unreviewed
CVE-2023-51219
was published
Jun 3, 2024
GNOME libsoup before 3.6.0 allows HTTP request smuggling in some configurations because '\0'...
High
Unreviewed
CVE-2024-52530
was published
Nov 11, 2024
An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before....
Critical
Unreviewed
CVE-2024-22081
was published
Mar 20, 2024
An issue discovered in SELESTA Visual Access Manager 4.38.6 allows attackers to modify the ...
Moderate
Unreviewed
CVE-2023-50811
was published
Mar 20, 2024
An issue in kmqtt v0.2.7 allows attackers to cause a Denial of Service(DoS) via a crafted request.
High
Unreviewed
CVE-2024-44775
was published
Oct 15, 2024
An HTTP Request Smuggling vulnerability in Looker allowed an unauthorized attacker to capture...
High
Unreviewed
CVE-2024-8912
was published
Oct 11, 2024
Improper Input Validation vulnerability in Apache Software Foundation Apache Traffic Server.This...
Critical
Unreviewed
CVE-2023-33934
was published
Aug 9, 2023
Loway - CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
Moderate
Unreviewed
CVE-2024-42342
was published
Sep 8, 2024
Vulnerability in the Oracle Application Object Library product of Oracle E-Business Suite ...
Moderate
Unreviewed
CVE-2024-20915
was published
Feb 17, 2024
Apache Traffic Server forwards malformed HTTP chunked trailer section to origin servers. This can...
Critical
Unreviewed
CVE-2024-35161
was published
Jul 26, 2024
Apache Traffic Server accepts characters that are not allowed for HTTP field names and forwards...
High
Unreviewed
CVE-2023-38522
was published
Jul 26, 2024
A vulnerability classified as critical was found in mhuertos phpLDAPadmin up to...
Moderate
Unreviewed
CVE-2016-15039
was published
Jul 11, 2024
This vulnerability allows a high-privileged authenticated PAM user to achieve remote command...
High
Unreviewed
CVE-2024-38494
was published
Jul 15, 2024
Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in Apache...
Moderate
Unreviewed
CVE-2024-32638
was published
May 2, 2024
Improper handling of requests in Routing Release > v0.273.0 and <= v0.297.0 allows an...
Moderate
Unreviewed
CVE-2024-22279
was published
Jun 10, 2024
Apache HTTP Server versions 2.4.6 to 2.4.46 mod_proxy_wstunnel configured on an URL that is not...
Moderate
Unreviewed
CVE-2019-17567
was published
May 24, 2022
HTTP request desynchronization in Ping Identity PingAccess, all versions prior to 8.0.1 affected...
Unknown
Unreviewed
CVE-2024-23316
was published
May 31, 2024
HPE MSA Controller prior to version IN210R004 could be remotely exploited to allow inconsistent...
Moderate
Unreviewed
CVE-2023-30910
was published
Oct 9, 2023
An HTTP Request Tunneling vulnerability found in Qlik Sense Enterprise for Windows for versions...
Critical
Unreviewed
CVE-2023-41265
was published
Aug 30, 2023
HAProxy through 2.0.32, 2.1.x and 2.2.x through 2.2.30, 2.3.x and 2.4.x through 2.4.23, 2.5.x and...
High
Unreviewed
CVE-2023-40225
was published
Aug 10, 2023
VMware Horizon Server contains a HTTP request smuggling vulnerability. A malicious actor with...
Moderate
Unreviewed
CVE-2023-34037
was published
Aug 4, 2023
An unauthenticated attacker in SAP Web Dispatcher - versions WEBDISP 7.49, WEBDISP 7.53, WEBDISP...
Critical
Unreviewed
CVE-2023-33987
was published
Jul 11, 2023
ProTip!
Advisories are also available from the
GraphQL API